I currently have Nginx running as a reverse proxy in front of Apache on the same server to serve static contents. i.e. Nginx listening to port 80 then proxy_pass to 127.0.0.1:8000, Apache listening to 127.0.0.1:8000.

I am trying to setup Apache to serve SSL / https content. After I setup Apache and a new virtual host to listen to :443, I am getting 502 Bad gateway from Nginx on HTTP connections. I checked the Nginx logs and it says "conection refused while connecting to upstream http://127.0.0.1:8000".

I am not sure if I am approaching this correctly. Should Nginx listen to both 443 and 80 then both proxy_pass to 127.0.0.1:8000? Or do I setup a separate VirtualHost on apache to listen for 443?

Current setup:
NGINX:
server {
listen 80;
root /www
index index.php index.html index.htm;
server_name example.com;
.....
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8000;
proxy_read_timeout 240s;
}
}

Apache ports.conf:
NameVirtualHost 127.0.0.1:8000
Listen 127.0.0.1:8000

<IfModule mod_ssl.c>
NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>

Apache Vhost1
<VirtualHost 127.0.0.1:8000>
ServerName example.com
ServerAlias *.example.com
DocumentRoot /www
...
</VirtualHost>

Apache Vhost2
<VirtualHost *:443>
ServerName example.com
ServerAlias *.example.com
DocumentRoot /www
...
</VirtualHost>

Simon,

It appears you have apache configured to only listen on the loopback address (127.0.0.1). Change the lines:

Listen 127.0.0.1:8000 -> Listen *:8000

and change
<VirtualHost 127.0.0.1:8000> -> <VirtualHost *:8000>

Then, restart apache and give that a shot.

Edit:
Sorry - missed the part about them being on the same server. Can you curl http://127.0.0.1:8000 and get a valid response?

@SeanTobin I think so im getting a valid response. The site works fine without the second vhost <VirtualHost *:443> enabled. Only when i enable vhost2, then i get 502 bad gateway from nginx. weird.

:~$ curl 127.0.0.1:8000
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.14 (Ubuntu) Server at 127.0.0.1 Port 8000</address>
</body></html>

The 401 error will cause nginx to reply with a bad gateway. If you can get it to work without apache listening on 443, I'd do that. You can set up nginx to listen on both 80 and 443 and do all your https encryption in nginx. You can use the same backend for both servers.

I just ended up having NGINX listen to 443 as well, and then it just worked.

I added in bold:

server {
listen 80;
listen 443 default ssl;
ssl_certificate example.crt;
ssl_certificate_key example.key;
root /www
index index.php index.html index.htm;
server_name example.com;
.....
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8000;
proxy_read_timeout 240s;
}
}